FinCEN CDD Rule, AMLA 2020 & the Corporate Transparency Act *(OUTLINE + BULLET BODY)*

Who really owns the company behind the account? For decades, that was the easy question criminals exploited — hide behind a shell, and nobody at the bank ever sees the human pulling the strings. In 2018, the FinCEN Customer Due Diligence Rule forced banks to ask. In 2021, Congress went further and built a national registry of company owners. This lecture connects three pieces — the CDD Rule, the Anti-Money Laundering Act of 2020, and the Corporate Transparency Act — and the exam loves the numbers in them, especially one: twenty-five percent.

- Effective **May 2018**; codified at **31 CFR 1010.230** and related sections. Often called the **"fifth pillar"** of an AML program because it formalized CDD as a required element alongside the original four pillars. - It sets out **four core requirements** ("the four prongs"): 1. **Customer identification and verification** (the existing CIP requirement under PATRIOT Act §326 — verify the identity of the customer). 2. **Identify and verify beneficial owners** of **legal entity customers** (the new requirement the rule added). 3. **Understand the nature and purpose** of the customer relationship (to develop a customer risk profile). 4. **Conduct ongoing monitoring** to identify and report suspicious transactions and, on a risk basis, **maintain and update customer information**. - Exam cue: be able to list all four and recognize that prong 2 (beneficial ownership) is what the 2018 rule newly required.

- For each **legal entity customer**, at account opening the institution must identify beneficial owners under **two independent prongs**: - **Ownership prong:** each individual who **owns 25% or more** of the equity interests of the entity (there can be zero up to four such individuals). - **Control prong:** **one individual** with **significant managerial control** — e.g., a CEO, CFO, COO, managing member, general partner, president, or other executive who exercises control. There is **always at least one** control-prong person. - So an institution could identify **as few as one** (control only, if no one owns ≥25%) and **up to five** beneficial owners (four at 25% + one controller) for a single entity. - The institution typically collects this via a **standard certification form** with the name, date of birth, address, and an identifying number (e.g., SSN) for each beneficial owner — and verifies identity to CIP standards. - Exam cue: **25% ownership OR significant control**; the control prong is **separate** and always yields at least one person. Don't say "you only need owners over 25%."

- The **Anti-Money Laundering Act of 2020** (part of the NDAA for FY2021) is the most significant overhaul of US AML law since the PATRIOT Act. - Key thrusts: - Established the **beneficial-ownership reporting** framework via the embedded **Corporate Transparency Act (CTA)** — a national registry, shifting BO collection from banks to a government database. - **Expanded whistleblower** rewards and protections for AML violations. - **Strengthened FinCEN's authority**, increased penalties, and emphasized **modernization, innovation, and information sharing**. - Brought **certain antiquities dealers** within BSA coverage and signaled study of others (e.g., art). - Set national AML/CFT **priorities** that institutions must incorporate into risk-based programs. - Exam cue: AMLA 2020 = modernization + whistleblower expansion + the CTA's BO registry; it builds on, not replaces, the BSA.

- The **Corporate Transparency Act** requires many **"reporting companies"** (corporations, LLCs, and similar entities created or registered by filing with a secretary of state) to report their **beneficial owners** and **company applicants** directly to **FinCEN**, into a secure central registry. - The CTA uses a **25% ownership or substantial control** definition of beneficial owner — conceptually aligned with the CDD Rule's two prongs. - Reporting companies provide each beneficial owner's name, date of birth, address, and a unique identifying number from an acceptable document. - The registry is **not public** — access is restricted to authorized government agencies (and, with customer consent, financial institutions for CDD purposes). - Numerous **exemptions** exist (e.g., large operating companies, banks, and other already-regulated entities). - Exam framing at the concept level: the CTA creates a **government-held BO registry** so law enforcement and (in limited cases) banks can identify the humans behind companies — addressing the shell-company problem at the source.

- **Before:** beneficial ownership lived (if anywhere) only inside each bank's onboarding files, collected one customer at a time under the CDD Rule. - **After AMLA/CTA:** a **central FinCEN registry** holds BO data reported by the companies themselves — reducing reliance on each institution to discover ownership and helping law enforcement pierce shell structures. - The two regimes coexist: the **CDD Rule** governs what **financial institutions** must do at onboarding; the **CTA** governs what **companies** must report to **FinCEN**. (FinCEN has been working to align/streamline the two, but for the exam, know them as distinct-but-related.) - Why it matters for AML: anonymous shell companies were a top laundering tool (recall the typologies lecture); these rules attack that anonymity.

Three pieces, one theme: find the real owner. The CDD Rule gives you four prongs — identify the customer, identify beneficial owners, understand the relationship, and monitor ongoing — and its beneficial-ownership test is twenty-five percent ownership or significant control, always at least one controller, up to five people total. AMLA 2020 modernized US AML and launched the beneficial-ownership registry through the Corporate Transparency Act, which makes companies report their owners directly to FinCEN. Next, we shift from finding owners to blocking bad actors: OFAC and sanctions — the SDN list, blocking versus rejecting, strict liability, and the fifty-percent rule.